cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
385
Views
0
Helpful
2
Replies

ASA syslog failing

Gerard Roy
Level 2
Level 2

Can anyone see why syslog to a server on the inside is failing? See attached.

2 Replies 2

Richard Burts
Hall of Fame
Hall of Fame

Jerry

I see that your ASA configures a DHCP pool beginning at 192.168.0.2. And your syslog server is at 192.168.0.3. Is it possible that the ASA has assigned 192.168.0.3 to some device not your syslog server? What happens if you change the configuration of the DHCP pool to begin on some higher address?

HTH

Rick

HTH

Rick

jojuarez
Level 1
Level 1

Hi Jerry,

You're missing one command on the syslog configuration:

logging trap

The command above will specify what level of logs the ASA sends to the server. You can refer to the following link for more information:

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/l2.html#wp1753594

Btw, I also noticed that you have the command:

logging buffered debugging

That's not really recommended 'cause you may run into high cpu issues. Debug level is only recommended when it is sent to a syslog server or just for troubleshooting purposes.

Anyway, if the issue continues, you can verify the IP address stuff that Rick just mentioned. And if everything is ok but the issue continues, you'd have to run traffic captures to verify if the ASA's sending the logs to the server in question. You can refer to the following link for more info on captures:

http://nortfm.com/?View=entry&EntryID=1

Hope that helps

- Jorge Luis Juárez

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: